CVE-2009-5022
Published 2011-05-03
Priority P349·medium·6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 10.80%·95.3th percentile
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.5-1 (bookworm) | tiff 3.9.5-1 (bookworm) |
| libtiff | libtiff | <= 3.9.4 | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvd·v2.0·6.8 MEDIUM·AV:N/AC:M/Au:N/C:P/I:P/A:P
osv·6.8 MEDIUM
vendor_debian·6.8 MEDIUM
vendor_redhat·6.8 MEDIUM
Ubuntu
tiff vulnerability
vendor_ubuntu·2011-04-21
CVE-2009-5022 tiff vulnerability
Title: tiff vulnerability
Summary: The TIFF library could be made to run programs as your login if it opened a
specially crafted file.
It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
libtiff ojpeg buffer overflow
vendor_redhat·2009-02-09·CVSS 6.8
CVE-2009-5022 [MEDIUM] CWE-228 libtiff ojpeg buffer overflow
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Statement: This flaw did not affect libtiff as shipped in Red Hat Enterprise Linux 4 or 5. The OJPEG decoder is disabled in those distributions.
Package: libtiff (Red Hat Enterprise Linux 4) - Not affected
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2009-5022: tiff - Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before...
vendor_debian·2009·CVSS 6.8
CVE-2009-5022 [MEDIUM] CVE-2009-5022: tiff - Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before...
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.5-1)
bullseye: resolved (fixed in 3.9.5-1)
forky: resolved (fixed in 3.9.5-1)
sid: resolved (fixed in 3.9.5-1)
trixie: resolved (fixed in 3.9.5-1)
GHSA
GHSA-c6jf-8jhf-3f5j: Heap-based buffer overflow in tif_ojpeg
ghsa_unreviewed·2022-05-02
CVE-2009-5022 [MEDIUM] CWE-119 GHSA-c6jf-8jhf-3f5j: Heap-based buffer overflow in tif_ojpeg
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
OSV
CVE-2009-5022: Heap-based buffer overflow in tif_ojpeg
osv·2011-05-03·CVSS 6.8
CVE-2009-5022 [MEDIUM] CVE-2009-5022: Heap-based buffer overflow in tif_ojpeg
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
No detection rules found.
Bugzilla
CVE-2009-5022 CVE-2010-4665 libtiff various flaws [fedora-all]
bugzilla·2011-04-13·CVSS 6.8
CVE-2009-5022 [MEDIUM] CVE-2009-5022 CVE-2010-4665 libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=695885
Please note: this issue affects multiple supported v
Bugzilla
CVE-2009-5022 libtiff ojpeg buffer overflow
bugzilla·2011-04-12·CVSS 6.8
CVE-2009-5022 [MEDIUM] CVE-2009-5022 libtiff ojpeg buffer overflow
The libtiff OJPEG decoder contains a heap buffer overflow when decoding
certain malformed data.
This was made known via the upstream 3.9.5 announcement. The bug is quite
old.
upstream bug:
http://bugzilla.maptools.org/show_bug.cgi?id=1999
Discussion:
Statement:
This flaw did not affect libtiff as shipped in Red Hat Enterprise Linux 4 or 5. The OJPEG decoder is disabled in those distributions.
---
Created libtiff tracking bugs for this issue
Affects: fedora-all [bug 696204]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0452 https://rhn.redhat.com/errata/RHSA-2011-0452.html
References
http://bugzilla.maptools.org/show_bug.cgi?id=1999
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html
http://openwall.com/lists/oss-security/2011/04/12/10
http://secunia.com/advisories/44271
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://securitytracker.com/id?1025380
http://www.debian.org/security/2011/dsa-2256
http://www.mandriva.com/security/advisories?name=MDVSA-2011:078
http://www.redhat.com/support/errata/RHSA-2011-0452.html
http://www.remotesensing.org/libtiff/v3.9.5.html
http://www.securityfocus.com/bid/47338
http://www.ubuntu.com/usn/USN-1120-1
http://www.vupen.com/english/advisories/2011/1014
http://www.vupen.com/english/advisories/2011/1082
https://bugzilla.redhat.com/show_bug.cgi?id=695885
https://exchange.xforce.ibmcloud.com/vulnerabilities/66774